Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

child_process: Add nullptr checks after allocations #6256

Closed
wants to merge 1 commit into from

Conversation

addaleax
Copy link
Member

@addaleax addaleax commented Apr 18, 2016

Checklist
  • tests and code linting passes
  • a test and/or benchmark is included
  • the commit message follows commit guidelines
Affected core subsystem(s)

child_process

Description of change
  • Add checks against null pointers after allocations made when spawning child processes for arguments, environment variables, etc.
  • Make sure that the out-of-range tests for setting the uid/gid work when uid_t/gid_t are unsigned types (e.g. Linux) and the supplied value is negative, to the degree to which that is possible.

@addaleax addaleax added the child_process Issues and PRs related to the child_process subsystem. label Apr 18, 2016
int32_t uid_i32 = uid_v->Int32Value();
uv_uid_t uid = static_cast<uv_uid_t>(uid_i32);
// uv_uid_t may be unsigned, so compare with the widest available type
if (static_cast<intmax_t>(uid_i32) != static_cast<intmax_t>(uid)) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this logic is entirely correct (but neither is the existing logic.) People sometimes pass e.g. { uid: -2 } but this check would reject that.

(Also, there's a narrowing conversion two lines up when sizeof(int32_t) > sizeof(uv_uid_t). That's mostly academical, though.)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

People sometimes pass e.g. { uid: -2 } but this check would reject that.

This check would reject that iff uv_uid_t is unsigned, which is kind of the point here… or am I missing something?
And yes, that the conversion is narrowing is intentional – the goal is to see whether the value is still the “same” after converting to uv_uid_t.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

uv_uid_t is unsigned on most platforms (all supported platforms, actually) but e.g. on OS X, the entry for user nobody looks like this:

$ grep nobody /etc/passwd 
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false

Passing that works (or should work) because signed-to-unsigned conversion of -2 is UINT_MAX-1 (and has well-defined behavior; the other way around is implementation-defined behavior.)

I remember we've had to rework similar uid/gid checks because they broke working code.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bnoordhuis Okay, I’m removing these changes then. Thanks for the explanation!

@addaleax addaleax force-pushed the process-wrap-cleanup branch 2 times, most recently from 071f697 to 4daebc1 Compare April 18, 2016 08:20
@addaleax addaleax changed the title child_process: Minor cleanups in process_wrap.cc child_process: Add nullptr checks after allocations Apr 18, 2016
@bnoordhuis
Copy link
Member

LGTM. Commit log nit: s/Add/add/

Add `CHECK_NE(·, nullptr)` after allocations made when
spawning child processes.
@addaleax addaleax force-pushed the process-wrap-cleanup branch from 4daebc1 to 1cf6bf7 Compare April 18, 2016 08:57
@cjihrig
Copy link
Contributor

cjihrig commented Apr 18, 2016

@mscdex mscdex added the c++ Issues and PRs that require attention from people who are familiar with C++. label Apr 18, 2016
@jasnell
Copy link
Member

jasnell commented Apr 18, 2016

LGTM

@jasnell
Copy link
Member

jasnell commented Apr 20, 2016

@addaleax ... this one too? ;-)

@addaleax
Copy link
Member Author

Sure. 😄 Landed in 29ca969. :)

@addaleax addaleax closed this Apr 20, 2016
@addaleax addaleax deleted the process-wrap-cleanup branch April 20, 2016 16:04
addaleax added a commit that referenced this pull request Apr 20, 2016
Add `CHECK_NE(·, nullptr)` after allocations made when
spawning child processes.

PR-URL: #6256
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@jasnell
Copy link
Member

jasnell commented Apr 20, 2016

Thanks! :-)

MylesBorins pushed a commit that referenced this pull request Apr 20, 2016
Add `CHECK_NE(·, nullptr)` after allocations made when
spawning child processes.

PR-URL: #6256
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This was referenced Apr 21, 2016
MylesBorins pushed a commit that referenced this pull request Apr 21, 2016
Add `CHECK_NE(·, nullptr)` after allocations made when
spawning child processes.

PR-URL: #6256
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
joelostrowski pushed a commit to joelostrowski/node that referenced this pull request Apr 25, 2016
Add `CHECK_NE(·, nullptr)` after allocations made when
spawning child processes.

PR-URL: nodejs#6256
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
jasnell pushed a commit that referenced this pull request Apr 26, 2016
Add `CHECK_NE(·, nullptr)` after allocations made when
spawning child processes.

PR-URL: #6256
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
MylesBorins pushed a commit that referenced this pull request May 17, 2016
Add `CHECK_NE(·, nullptr)` after allocations made when
spawning child processes.

PR-URL: #6256
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
MylesBorins pushed a commit that referenced this pull request May 18, 2016
Add `CHECK_NE(·, nullptr)` after allocations made when
spawning child processes.

PR-URL: #6256
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@MylesBorins MylesBorins mentioned this pull request May 18, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. child_process Issues and PRs related to the child_process subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants